


Vulnerability Development: RE: Shell:

RE: Shell:

From: Ferruh Mavituna <ferruh_at_mavituna.com>
Date: Fri, 9 Jul 2004 08:42:14 +0300

I tested this in Firefox 0.9.1, and strangely it fires up my hex editor with
the given application.

And in IE (Win2003) if I run it by myself it executes calc.exe or any other
exe in any place with shell and directory traversal.

But when I try to link it from a webpage, it doesn't work in the My Computer zone or
the Internet zone; it opens the file download dialog box.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ_at_bek.com]
> Sent: Thursday, July 08, 2004 6:41 PM
> To: vuln-dev_at_securityfocus.com
> Subject: Shell:
>
> What do you think about this in Mozilla OR IE?
>
> shell:windows\system32\cmd.exe
>
> I can't seem to pass any variables to it though because it bombs but my
> syntax may be incorrect.
>
>
>
> Joshua Perrymon
> Sr. Network Security Consultant
> PGP Fingerprint
> 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021
>
Received on Jul 09 2004
